US-9723013

Secondary asynchronous background authorization (SABA)

Published: August 1, 2017
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

A system for identifying threats to the security of an owner's electronic information by performing a secondary background authorization (SABA) that is transparent to the requester to verify or flag unauthorized access to systems, data or company offices being requested. The secondary background authorization relies on a proprietary security, big data pattern-matching, and modeling approach made possible by the creation, expansion, and analysis of new “data streams” that, together with operating systems, applications, and devices data, uniquely allows the system to determine a security access risk and provide information to the owner.

Patent Claims
10 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A secondary background security system for monitoring confidentiality of a user's emails, files and other data by monitoring and evaluating access to said user's emails, files and other data stored on monitored resources and alerting said user about such access when such access is not by said user or by a second user specifically delegated by the first user to view said e-mails, files and other data, the system comprising: a hardware server on which is installed a central system management module; a local collector system configured to read technical data from monitored resources and to send technical data to said central system management module; a geo-location collector system comprising geo-location agents installed on user devices configured to read geo-location data from user devices and to send geo-location data to geo-location extractor modules; said geo-location extractor modules configured to collect geo-location data from geo-location agents and send data to said central system management module; said central system management module in communication with the local collection system and the geo-location extractor modules, said central system management module comprising a system database, an analysis and extrapolation system, and an alerting system, the system database including a temporary dataset for collected data processing, a personal authentication data for owners (PADO) dataset of monitored resources containing verified information collected by the system about said user, said verified information including: said user's work usages, said user's device usages, said user's application usages, said user's geo-location defined from activity and devices; a theoretical authentication data requester (TADR) dataset containing information collected by the system concerning a requestor that is accessing said user's e-mails, files or other data; and a technical dataset for rules and configurations; the analysis and extrapolation system comprising: a collector engine configured to receive information from local collector systems, and to aggregate and extrapolate data associated with the received information, and an analysis engine that detects access to critical data based on a type analysis processor to identify type of data, data stream processors to build profile, to geocode and to send data to the associated data store; and a functional and extrapolation rules processor, said analysis engine and said functional and extrapolation rules processor together configured to compare said TADR to said PADO when there has been an access to said user's emails, files, or other data, and to make a determination as to whether said access to said user's emails, files, or other data was by said user, by a second user specifically delegated by the first user, or by another user not specifically delegated by the first user to view said user's emails, files or other data; and the alerting system configured to communicate with the analysis and extrapolation system and to send messages to said user, when said access is by a user not specifically delegated by the first user to view said user's emails, files or other data; wherein the system is further configured to update the PADO data set for said user when said access is verified by said analysis engine and said functional and extrapolation rules processor to be by said user.

Plain English Translation

This system monitors a user's emails, files, and data for unauthorized access and alerts the user. It includes a server with a central management module, a local collector to gather technical data from monitored resources (like devices and applications), and a geo-location collector using agents on user devices. The geo-location collector sends location data to extractor modules, which then send it to the central management module. The central module analyzes this data, comparing a "Theoretical Authentication Data Requester (TADR)" profile (of who is trying to access the data) to a "Personal Authentication Data for Owners (PADO)" profile (of the user). PADO includes the user's work, device, and application usage and geo-location. If the access isn't by the user or a delegate, an alert is sent. The system also updates the user's PADO profile when access is verified as being by the user.

Claim 2

Original Legal Text

2. The system of claim 1, wherein the geo-location collector systems are installed in user's Information Technology environment or on user's devices, and are used to collect geo-location data and to send it to the central system management module.

Plain English Translation

The geo-location collectors, as described in the system that monitors user data access and alerts the user to unauthorized attempts, are installed within the user's IT environment or directly on user devices. These collectors gather geo-location data, which is then transmitted to the central system management module for analysis and comparison against user profiles. This location data helps to verify the legitimacy of data access requests.

Claim 3

Original Legal Text

3. The system of claim 1, wherein the local collector system comprises a set of programs that retrieve information from sources installed on monitored user devices, applications, including protected systems, and systems that are relevant.

Plain English Translation

The local collector system, part of the user data access monitoring system, consists of a set of programs. These programs retrieve information from various sources installed on monitored user devices and applications, including protected systems and other relevant systems. The gathered data is then sent to the central system management module for analysis.

Claim 4

Original Legal Text

4. The system of claim 1, wherein the analysis engine includes: a. a type analysis processor, b. a TADR data stream processor, c. a PADO data stream processor, d. a geo-location system, and e. said functional and extrapolation rules processor.

Plain English Translation

The analysis engine, a component of the user access monitoring system, includes several key components. There's a type analysis processor, which defines the type of data stored in the TADR dataset. Also included are a TADR data stream processor for the requesting party's profile, a PADO data stream processor for the user's profile, a geo-location system to verify the location, and a functional and extrapolation rules processor to make access decisions based on all collected and analyzed data.

Claim 5

Original Legal Text

5. The system of claim 1, wherein the analysis and extrapolation system provides an interface via which a user enters information about his activity, defines new rules used by the analysis engine, and receives configuration information.

Plain English Translation

The analysis and extrapolation system, within the user data monitoring setup, provides an interface. Through this interface, a user can manually input information about their activities, define new rules that the analysis engine should use to determine authenticity, and receive configuration information from the system itself.

Claim 6

Original Legal Text

6. The system of claim 1, wherein the analysis engine retrieves, stores, manipulates data stored in the system database and executes operations to determine if the requester is the person he claims to be.

Plain English Translation

The analysis engine, which forms part of the user data monitoring system, interacts directly with the system database. It retrieves, stores, and manipulates the data stored within the database. The engine then executes operations using the extracted data to determine if the requesting party is indeed who they claim to be.

Claim 7

Original Legal Text

7. The system of claim 4, wherein the collector engine analyzes technical data from the local collector system and geo-location information from the geo-location system to determine whether the technical data and geo-location information is from a new connection or action or from an existing connection, and, a. if it is a new connection or new action, sends information to the TADR data stream processor; b. if it is an action from an existing connection, sends information to the PADO data stream processor.

Plain English Translation

The collector engine, within the user data monitoring system, analyzes technical data from local collectors and geo-location information. It determines whether this information represents a new connection/action or an existing one. If it's new, the information is sent to the TADR data stream processor to build the requester profile. If it's from an existing connection, the information is sent to the PADO data stream processor to update the user's profile.

Claim 8

Original Legal Text

8. The system of claim 4, wherein the type analysis processor defines the type of data stored in the TADR dataset.

Plain English Translation

The type analysis processor, a part of the analysis engine in the user monitoring system, is responsible for defining the type of data that is stored within the Theoretical Authentication Data Requester (TADR) dataset. This ensures that the data is properly categorized and can be used effectively for analysis.

Claim 9

Original Legal Text

9. The system of claim 4, wherein the PADO data stream processor is used to build the user profile based on information sent by the local collector system, filtered and transferred by the collector engine, geo-location information sent by the geo-location extractor modules and transferred by the collector agent or data filled by the user directly through the management and configuration website.

Plain English Translation

The PADO (Personal Authentication Data for Owners) data stream processor, in the described user access monitoring system, builds a user profile. It does so using information sent by local collectors, filtered and transferred by the collector engine. It also uses geo-location information from geo-location extractor modules and data directly entered by the user through a management interface.

Claim 10

Original Legal Text

10. The system of claim 4, wherein the TADR data stream processor is used to build the requester profile based on information sent by the local collector system, filtered and transferred by the collector engine.

Plain English Translation

The TADR (Theoretical Authentication Data Requester) data stream processor, within the user data access monitoring system, is responsible for constructing a profile of the requester. It utilizes information sent by the local collector system, after it has been filtered and transferred by the collector engine.

Patent Metadata

Filing Date: August 31, 2012

Publication Date: August 1, 2017

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Secondary asynchronous background authorization (SABA)” (US-9723013). https://patentable.app/patents/US-9723013